RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
From: Jonathan Bond-Caron
Date: Wed, 01 Aug 2012 20:36:57 +0000
Subject: RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
Groups: php.internals
On Tue Jul 31 12:21 PM, Anthony Ferrara wrote:
> Jonathan,
>
> Again, implementing something in the core that's not verified and
> can't be implemented well by the vast majority of developers out
> there.

Alright, so I found some people supporting my claims:

http://blog.mozilla.org/webappsec/2011/05/10/sha-512-w-per-user-salts-is-not-enough/
http://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/

It looks like Mozilla is using what you suggested. To be honest, I don't quite understand the difference between:

a) password_hash_rfc( hash_hmac('sha-512', 'password', '1024-bytes secret') );
b) password_hash_rfc('password' . '1024-bytes secret' );

It seems to me that (b) would be more computationally expensive to break, since you have more bytes in a slower algo.

Interestingly enough, there was a proposal for MD6 to be a keyed hash (with pepper):
http://people.csail.mit.edu/rivest/pubs/RABCx08.pdf (3.5 A keyed hash function)

There does seem to be some research on keyed hash functions here (4.2 MAC construction):
http://research.microsoft.com/pubs/64588/hash_survey.pdf

But this use case has nothing to do with securing passwords: SHA1(k||M).

I guess my final point is that a lot of code out there already does hash passwords with a secret key; it would be nice to have that facility in PHP core.
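The two constructions (a) and (b) in the message above, as an added example that is not part of the thread and not PHP's own implementation of the RFC. It uses the password_hash()/password_verify() API that later shipped in PHP 5.5 in place of the proposed password_hash_rfc(), and contrasts HMAC pre-hashing with plain concatenation. The 1024-byte pepper, the password, the helper names and the low bcrypt cost are all constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread or from PHP's password_hash RFC.
// Contrasts the two "pepper" constructions discussed in the message:
//   (a) bcrypt( HMAC-SHA-512(pepper, password) )
//   (b) bcrypt( password . pepper )
// Assumptions: the pepper is a 1024-byte server-side secret constructed
// below for the demo (a real deployment loads it from config or a KMS and
// never stores it beside the hashes); DEMO_COST is deliberately low so the
// demo runs fast, production code should use a cost of 10 or more.

const DEMO_COST = 5;

/** (a) HMAC the password under the pepper first, then bcrypt the digest. */
function hash_prehashed(string $password, string $pepper): string
{
    // HMAC reduces a key longer than SHA-512's 128-byte block to its 64-byte
    // digest first, so a 1024-byte pepper contributes at most 512 bits of key
    // material; the extra bytes add nothing to the attacker's work.
    // Hex output (128 chars) keeps NUL bytes out of the bcrypt input. bcrypt
    // still reads only the first 72 bytes, i.e. 288 bits of the digest.
    $digest = hash_hmac('sha512', $password, $pepper);
    return password_hash($digest, PASSWORD_BCRYPT, ['cost' => DEMO_COST]);
}

function verify_prehashed(string $password, string $pepper, string $stored): bool
{
    return password_verify(hash_hmac('sha512', $password, $pepper), $stored);
}

/** (b) Append the pepper to the password and bcrypt the concatenation. */
function hash_concatenated(string $password, string $pepper): string
{
    return password_hash($password . $pepper, PASSWORD_BCRYPT, ['cost' => DEMO_COST]);
}

function verify_concatenated(string $password, string $pepper, string $stored): bool
{
    return password_verify($password . $pepper, $stored);
}

/**
 * Runs both constructions against the genuine pepper and against a pepper
 * that is identical in its first 59 bytes and different everywhere after.
 * Returns the four verification results keyed by case name.
 */
function demo(): array
{
    // Constructed demo pepper: 1024 bytes of printable filler.
    $pepper   = str_repeat('0123456789abcdef', 64);
    $password = 'correct horse';   // 13 bytes

    $storedA = hash_prehashed($password, $pepper);
    $storedB = hash_concatenated($password, $pepper);

    // bcrypt uses at most 72 bytes of its input. In construction (b) the
    // 13-byte password leaves room for only 59 bytes of pepper; bytes 60..1024
    // of the secret never reach the hash, so altering them does not change
    // the outcome of verification.
    $altered = substr($pepper, 0, 72 - strlen($password))
             . str_repeat('X', 1024 - (72 - strlen($password)));

    return [
        'a_genuine_pepper' => verify_prehashed($password, $pepper, $storedA),
        'b_genuine_pepper' => verify_concatenated($password, $pepper, $storedB),
        'a_altered_pepper' => verify_prehashed($password, $altered, $storedA),
        'b_altered_pepper' => verify_concatenated($password, $altered, $storedB),
    ];
}

var_dump(demo());
```

Both constructions accept the genuine pepper. The difference shows up in the altered-pepper cases: with (a) the whole secret is mixed in by the HMAC, so changing any byte of it breaks verification, whereas with (b) bcrypt silently truncates its input to 72 bytes, so only the part of the pepper that fits after the password matters and the rest of the "1024-bytes secret" is dead weight. The HMAC variant also protects against the related failure of a long user password pushing the pepper out of the hashed window entirely.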